Skip to content

Pentesting network services

Port numbers range from 1 to 65,535, with the range of well-known ports 1 to 1,023 being reserved for privileged services. Port 0 is a reserved port in TCP/IP networking and is not used in TCP or UDP messages. If anything attempts to bind to port 0 (such as a service), it will bind to the next available port above port 1,024 because port 0 is treated as a "wild card" port.

See Pentesting network services.

To locate easily one: https://www.cheatsheet.wtf/PortNumbers/

All ports in raw: https://raw.githubusercontent.com/maraisr/ports-list/master/all.csv.

TCP

Protocol Acronym Port Description Tools
File Transfer Protocol FTP 20-21 Used to transfer files ftp, lftp , ncftp, filezilla, crossftp
Secure Shell SSH 22 Secure remote login service
Telnet Telnet 23 Remote login service
Simple Network Management Protocol SNMP 161-162 Manage network devices
Hyper Text Transfer Protocol HTTP 80 Used to transfer webpages
Hyper Text Transfer Protocol Secure HTTPS 443 Used to transfer secure webpages
Domain Name System DNS 53 Lookup domain names
Trivial File Transfer Protocol TFTP 69 Used to transfer files
Network Time Protocol NTP 123 Synchronize computer clocks
Simple Mail Transfer Protocol SMTP 25 Used for email transfer Thunderbird, Claws, Geary, MailSpring, mutt, mailutils, sendEmail, swaks, sendmail.
Post Office Protocol POP3 110 Used to retrieve emails
Internet Message Access Protocol IMAP 143 Used to access emails
Server Message Block SMB 445 Used to transfer files Samba Suite, smbclient, crackmapexec, SMBMap, smbexec.py, psexec.py, Impacket
Network File System NFS 111, 2049 Used to mount remote systems
Bootstrap Protocol BOOTP 67, 68 Used to bootstrap computers
Kerberos Kerberos 88 Used for authentication and authorization
Lightweight Directory Access Protocol LDAP 389 Used for directory services
Remote Authentication Dial-In User Service RADIUS 1812, 1813 Used for authentication and authorization
Dynamic Host Configuration Protocol DHCP 67, 68 Used to configure IP addresses
Remote Desktop Protocol RDP 3389 Used for remote desktop access
Network News Transfer Protocol NNTP 119 Used to access newsgroups
Remote Procedure Call RPC 135, 137-139 Used to call remote procedures
Identification Protocol Ident 113 Used to identify user processes
Internet Control Message Protocol ICMP 0-255 Used to troubleshoot network issues
Internet Group Management Protocol IGMP 0-255 Used for multicasting
Oracle DB (Default/Alternative) Listener oracle-tns 1521/1526 The Oracle database default/alternative listener is a service that runs on the database host and receives requests from Oracle clients.
Ingres Lock ingreslock 1524 Ingres database is commonly used for large commercial applications and as a backdoor that can execute commands remotely via RPC.
Squid Web Proxy http-proxy 3128 Squid web proxy is a caching and forwarding HTTP web proxy used to speed up a web server by caching repeated requests.
Secure Copy Protocol SCP 22 Securely copy files between systems
Session Initiation Protocol SIP 5060 Used for VoIP sessions
Simple Object Access Protocol SOAP 80, 443 Used for web services
Secure Socket Layer SSL 443 Securely transfer files
TCP Wrappers TCPW 113 Used for access control
Network Time Protocol NTP 123 Synchronize computer clocks
Internet Security Association and Key Management Protocol ISAKMP 500 Used for VPN connections
Microsoft SQL Server ms-sql-s 1433 Used for client connections to the Microsoft SQL Server. mssql-cli, mssqlclient.py, dbeaver
Kerberized Internet Negotiation of Keys KINK 892 Used for authentication and authorization
Open Shortest Path First OSPF 520 Used for routing
Point-to-Point Tunneling Protocol PPTP 1723 Is used to create VPNs
Remote Execution REXEC 512 This protocol is used to execute commands on remote computers and send the output of commands back to the local computer.
Remote Login RLOGIN 513 This protocol starts an interactive shell session on a remote computer.
Remote Copy and Remote Shell RCPand RSH 514 Copy a file or directory bidirectionally from the local system to the remote system (or vice versa) or from one remote system to another. It works like the cp command on Linux but provides no warning to the user for overwriting existing files on a system.
Opens a shell on a remote machine without a login procedure. Relies upon the trusted entries in the /etc/hosts.equiv and .rhosts files for validation.
X Window System X11 6000 It is a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers.
Relational Database Management System DB2 50000 RDBMS is designed to store, retrieve and manage data in a structured format for enterprise applications such as financial systems, customer relationship management (CRM) systems.

UDP

Protocol Acronym Port Description
Domain Name System DNS 53 It is a protocol to resolve domain names to IP addresses.
Trivial File Transfer Protocol TFTP 69 It is used to transfer files between systems.
Network Time Protocol NTP 123 It synchronizes computer clocks in a network.
Simple Network Management Protocol SNMP 161 It monitors and manages network devices remotely.
Routing Information Protocol RIP 520 It is used to exchange routing information between routers.
Internet Key Exchange IKE 500 Internet Key Exchange
Intelligent Platform Management Interface (IPMI) IPMI 623, 1900 System management tool that provides sysadmins with the ability to manage and monitor systems even if they are powered off or in an unresponsive state.
Bootstrap Protocol BOOTP 68 It is used to bootstrap hosts in a network.
Dynamic Host Configuration Protocol DHCP 67 It is used to assign IP addresses to devices in a network dynamically.
Telnet TELNET 23 It is a text-based remote access communication protocol.
MySQL MySQL 3306 It is an open-source database management system.
Terminal Server TS 3389 It is a remote access protocol used for Microsoft Windows Terminal Services by default.
NetBIOS Name netbios-ns 137 It is used in Windows operating systems to resolve NetBIOS names to IP addresses on a LAN.
Microsoft SQL Server ms-sql-m 1434 Used for the Microsoft SQL Server Browser service.
Universal Plug and Play UPnP 1900 It is a protocol for devices to discover each other on the network and communicate.
PostgreSQL PGSQL 5432 It is an object-relational database management system.
Virtual Network Computing VNC 5900 It is a graphical desktop sharing system.
X Window System X11 6000-6063 It is a computer software system and network protocol that provides GUI on Unix-like systems.
Syslog SYSLOG 514 It is a standard protocol to collect and store log messages on a computer system.
Internet Relay Chat IRC 194 It is a real-time Internet text messaging (chat) or synchronous communication protocol.
OpenPGP OpenPGP 11371 It is a protocol for encrypting and signing data and communications.
Internet Protocol Security IPsec 500 IPsec is also a protocol that provides secure, encrypted communication. It is commonly used in VPNs to create a secure tunnel between two devices.
Internet Key Exchange IKE 11371 It is a protocol for encrypting and signing data and communications.
X Display Manager Control Protocol XDMCP 177 XDMCP is a network protocol that allows a user to remotely log in to a computer running the X11.

well-known ports

Last update: 2024-09-08
Created: July 7, 2023 14:53:03